Jail incompetent council folk who leak our data, thunders furious BBW

Internal slaps on the wrist are no punishment for endangering the public

A report published today by British privacy rights group Big Brother Watch (BBW) says the scale of private data being leaked is so great that those responsible should be jailed.

Between April 2011 and April 2014, local councils experienced around four data breaches a day – a total of 4,236 instances – according to figures compiled by BBW.

In the three years covered by the report (PDF), more than 400 devices, including 180 mobile phones, computers, tablets and USBs, were lost or stolen. In a further 600 cases information was inappropriately shared.

BBW is annoyed that just one person has faced criminal sanctions, despite the huge number of breaches. Fifty were dismissed and another 39 resigned, but BBW says this does not go far enough, particularly as children’s information was involved in 658 occasions.

“Current penalties for serious data breaches do not deter individuals who are seriously considering breaking the law,” says the report, adding that “where a serious breach is uncovered the individual should be given a criminal record” to prevent them moving to a new organisation and doing the same thing again.

With “human error” being the main reason behind the vast number of breaches, BBW says data protection training should be mandatory for members of staff with access to personal information as well as mandatory reporting rules for breaches that concern members of the public.

Some of the highlights of the report:

Cheshire East: Inappropriate use of CCTV. A CCTV operator watched part of the wedding of a member of the CCTV team. They were issued with a “Management instruction” on future use of equipment.

Lewisham Council: A social worker accidentally left a bundle of papers on the train. The bundle included personal and sensitive data relating to 10 children, including: names, addresses, date of birth, and third party information in relation to sex offenders, police reports and child protection reports. The individual involved resigned during disciplinary procedures.

Aberdeenshire City Council: An unencrypted laptop containing the details of 200 schoolchildren was stolen. The laptop was later recovered. No disciplinary action was taken but the matter was reported to the Information Commissioner’s Office.

“Despite local councils being trusted with increasing amounts of our personal data, this report highlights that they are simply not able to say it is safe with them. A number of examples show shockingly lax attitudes to protecting confidential information. For so many children and young people to have had their personal information compromised is deeply disturbing. Until we see these policies implemented, the public will simply not be able to trust local councils with their data,” said BBW privacy campaign director, Emma Carr. ®